How concerned should I be about my smart meter security? – Dr Zoya Pourmirza

With Smart Grids comes data and communication infrastructure and the associated unease of how we keep this data and infrastructure safe. This article aims to raise awareness, by sharing knowledge about cyber-security considerations behind the UK smart metering infrastructure and it’s rollout.

About the Author

Dr Zoya Pourmirza, is a postdoctoral research associate at Newcastle University within the School of Electrical and Electronic Engineering. She was awarded her PhD in The Information and Communication Technology (ICT) Architecture in the Smart Grid from University of Manchester. Her research expertise includes Smart Grids ICT networks, cyber-security, communication energy efficiency, and data compression.

Zoya carries out a wide range of research for CESI in the area of cyber-security on energy systems.

Contact:- Zoya.Pourmirza@newcastle.ac.uk

Smart Grids comprise a number of different networks that offer communication infrastructure at the various levels within the power grid. For example:

Supervisory control and data acquisition (SCADA)

Advanced Metering Infrastructure (AMI)

Customer Energy Management Systems

Amongst these communication networks, the AMI system has received significant concerns. These disquiets are mostly around security and privacy of consumers. Most of these concerns could be the result of negative media coverage or lack of knowledge of the AMI system operating as a whole system, while its components are interacting together.

A peace of mind for the Smart Grid customers

It is worth noting that the smart metering infrastructure is not a single component or function, but it is a whole system. This implies that looking into the cyber-security issues of a single component such as a smart meter, individually, would probably give invalid results.

Accordingly, the Department of Energy & Climate Change (DECC) and GCHQ designed the AMI system in such a way that no single compromise would offer a significant impact. The DECC/GCHQ security team developed practical cyber-security control by using the “trust modelling” and “threat modelling” approaches. The former model refers to understanding how different players in the AMI system interact, and where trust needs to be managed. The latter model considers a set of hypothetical intentional/unintentional attack model that could cause an impact. Therefore, cyber-security should not be viewed as a hindrance to the GB smart meter roll out.

Components of the Advanced Metering Infrastructure (AMI)

Organisations involved in the design of the whole smart metering system are:

Gas and electricity meters, and related equipment

Distributed Network Operators (DNOs)

Data Communication Company (DCC)

Communication Service Provider (CSP)

Third parties (e.g. price comparison websites)

How to curtail the impact of vulnerabilities in a Meter

Although it is not possible to build a 100% secure system, but the best practice is to minimise the impact of the vulnerabilities by providing a balance between security, affordability, and business needs, while meeting the policy and national security objectives.

The following chart visualises security concerns, potential attacks, and countermeasures in the AMI system through a number of phases where an attacker tries to gain access to the smart meter to create a negative impact on the power grid.

This article, however, does not suggest that it is impossible to compromise the AMI system, but it discusses it would be a relatively arduous process to cause severe impact on the power grid, and customers are not as vulnerable as what they think they are. Therefore, while researchers should take the security and data privacy into consideration, we can focus our energy and resources on cyber-securing other segments of the Smart Grid, which can cause greater negative impacts on the power grid infrastructure and customers.